make gsub and sub unavailable in SafeBuffers - Closes #1555

Damien Mathieu 2011-09-08 09:53:41 +02:00
parent e1b500ec96
commit e9f48cdcf4
2 changed files with 24 additions and 11 deletions


@ -75,7 +75,8 @@ end
module ActiveSupport #:nodoc:
class SafeBuffer < String
UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
UNAVAILABLE_STRING_METHODS = ["gsub", "sub"]
alias_method :original_concat, :concat
private :original_concat
@ -143,17 +144,29 @@ module ActiveSupport #:nodoc:
UNSAFE_STRING_METHODS.each do |unsafe_method|
class_eval <<-EOT, __FILE__, __LINE__
def #{unsafe_method}(*args, &block) # def gsub(*args, &block)
def #{unsafe_method}(*args, &block) # def capitalize(*args, &block)
to_str.#{unsafe_method}(*args, &block) # to_str.gsub(*args, &block)
end # end
def #{unsafe_method}!(*args) # def gsub!(*args)
def #{unsafe_method}!(*args) # def capitalize!(*args)
@dirty = true # @dirty = true
super # super
end # end
EOT
end
UNAVAILABLE_STRING_METHODS.each do |unavailable_method|
class_eval <<-EOT, __FILE__, __LINE__
def #{unavailable_method}(*args) # def gsub(*args)
raise NoMethodError, "#{unavailable_method} cannot be used with a Safe Buffer object. You should use object.to_str.#{unavailable_method}"
end # end
def #{unavailable_method}!(*args) # def gsub!(*args)
raise NoMethodError, "#{unavailable_method} cannot be used with a Safe Buffer object. You should use object.to_str.#{unavailable_method}"
end # end
EOT
end
protected
def dirty?
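Review bot: The NoMethodError text in the new `UNAVAILABLE_STRING_METHODS` loop sends callers to `object.to_str.gsub` without saying that the result is a plain String that is no longer html_safe, so a caller fixing the error may be inclined to re-mark it with `html_safe` even when it holds unescaped input. A comment above the loop such as `# gsub/sub are disabled on SafeBuffer; to_str.gsub returns a plain String that is escaped when rendered`, with the same hint in the message, would make that contract explicit. The new constant is also left mutable while `UNSAFE_STRING_METHODS` above it is frozen; `UNAVAILABLE_STRING_METHODS = ["gsub", "sub"].freeze` keeps the two consistent. The class body this loop sits in starts and ends outside the hunk.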


@ -21,7 +21,7 @@ module ActiveSupport
# "words".pluralize # => "words"
# "CamelOctopus".pluralize # => "CamelOctopi"
def pluralize(word)
result = word.to_s.dup
result = word.to_str.dup
if word.empty? || inflections.uncountables.include?(result.downcase)
result
@ -40,7 +40,7 @@ module ActiveSupport
# "word".singularize # => "word"
# "CamelOctopi".singularize # => "CamelOctopus"
def singularize(word)
result = word.to_s.dup
result = word.to_str.dup
if inflections.uncountables.any? { |inflection| result =~ /\b(#{inflection})\Z/i }
result
@ -66,7 +66,7 @@ module ActiveSupport
#
# "SSLError".underscore.camelize # => "SslError"
def camelize(term, uppercase_first_letter = true)
string = term.to_s
string = term.to_str
if uppercase_first_letter
string = string.sub(/^[a-z\d]*/) { inflections.acronyms[$&] || $&.capitalize }
else
@ -88,7 +88,7 @@ module ActiveSupport
#
# "SSLError".underscore.camelize # => "SslError"
def underscore(camel_cased_word)
word = camel_cased_word.to_s.dup
word = camel_cased_word.to_str.dup
word.gsub!(/::/, '/')
word.gsub!(/(?:([A-Za-z\d])|^)(#{inflections.acronym_regex})(?=\b|[^a-z])/) { "#{$1}#{$1 && '_'}#{$2.downcase}" }
word.gsub!(/([A-Z\d]+)([A-Z][a-z])/,'\1_\2')
@ -105,7 +105,7 @@ module ActiveSupport
# "employee_salary" # => "Employee salary"
# "author_id" # => "Author"
def humanize(lower_case_and_underscored_word)
result = lower_case_and_underscored_word.to_s.dup
result = lower_case_and_underscored_word.to_str.dup
inflections.humans.each { |(rule, replacement)| break if result.gsub!(rule, replacement) }
result.gsub!(/_id$/, "")
result.gsub(/(_)?([a-z\d]*)/i) { "#{$1 && ' '}#{inflections.acronyms[$2] || $2.downcase}" }.gsub(/^\w/) { $&.upcase }
@ -149,7 +149,7 @@ module ActiveSupport
# "business".classify # => "Busines"
def classify(table_name)
# strip out any leading schema name
camelize(singularize(table_name.to_s.sub(/.*\./, '')))
camelize(singularize(table_name.to_str.sub(/.*\./, '')))
end
# Replaces underscores with dashes in the string.
@ -157,7 +157,7 @@ module ActiveSupport
# Example:
# "puni_puni" # => "puni-puni"
def dasherize(underscored_word)
underscored_word.gsub(/_/, '-')
underscored_word.to_str.gsub(/_/, '-')
end
# Removes the module part from the expression in the string.
@ -166,7 +166,7 @@ module ActiveSupport
# "ActiveRecord::CoreExtensions::String::Inflections".demodulize # => "Inflections"
# "Inflections".demodulize # => "Inflections"
def demodulize(class_name_in_module)
class_name_in_module.to_s.gsub(/^.*::/, '')
class_name_in_module.to_str.gsub(/^.*::/, '')
end
# Creates a foreign key name from a class name.
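Review bot: Replacing `to_s` with `to_str` in `pluralize`, `singularize`, `camelize`, `underscore`, `humanize`, `classify` and `demodulize` narrows the accepted input to objects that implement `to_str`, so a Symbol, `nil` or a class passed to these helpers would now raise NoMethodError where `to_s` used to convert it. If the intent is only to unwrap a SafeBuffer into a plain String, chaining both calls keeps the old inputs working, e.g. `string = term.to_s.to_str` in `camelize`. No test for a non-String argument is visible on this page, so one covering a Symbol would pin the behaviour. Each method body continues outside its hunk.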